ABSTRACT



In accordance with a first aspect, a remote server receives 
video programming in a first encrypted form and stores the 
video programming. After the remote server receives a 
request from a subscriber station for transmission of the 
video programming, the remote server decrypts the video 
programming, re-encrypts the video programming into a 
second encrypted form, and then transmits the video pro- 
gramming to the subscriber station. In accordance with a 
second aspect, a remote server receives video programming 
in a first encrypted form, decrypts the video programming, 
re-encrypts the video programming into a second encrypted 
form, and then stores the video programming. After the 
remote server receives a request from a subscriber station, 
the remote server simply transmits the video programming. 
In accordance with a third aspect, a remote server receives 
video programming in a first encrypted form and stores the 
video programming. After the remote server receives a 
request from a subscriber station, the remote server passes 
through the video content by transmitting the video pro- 
gramming. In accordance with a fourth aspect, a remote 
server receives pre-encrypted video programming and stores
it. After the remote server receives a request from a sub- 
scriber station, the remote server completes encryption of 
the video programming and then transmits the video pro- 
gramming. 

34 Claims, 8 Drawing Sheets 
SECURE DISTRIBUTION OF VIDEO
ON-DEMAND 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

This invention relates generally to the field of video 
distribution networks. In particular, this invention relates to 
secure video distribution networks. 

2. Description of the Background Art 

Security is an important issue for video distribution 
networks. For cable distribution networks, there are various 
portions or locations where security is of concern. 

A first portion where security is of concern is the primary 
distribution network. The primary distribution network is 
where video content is transferred from television studios to 
distribution centers. A second portion where security is of 
concern is the secondary distribution network. The second- 
ary distribution network is where the video content is 
transmitted from a distribution center to subscriber stations. 

For video on-demand distribution networks, there is an 
additional point where security is of concern. That point is 
a remote server within a distribution center. Typically, such 
a remote server stores the video content before the video 
content is distributed to the subscriber stations. 

SUMMARY OF THE INVENTION 

The present invention provides a solution to the security 
issues presented above, especially with regards to security at 
a remote server. In accordance with a first aspect of the 
invention, a remote server receives video programming in a 
first encrypted form and stores the video programming in the 
first encrypted form. After the remote server receives a 
request from a subscriber station for transmission of the 
video programming, the remote server decrypts the video 
programming, re-encrypts the video programming into a 
second encrypted form, and then transmits the video pro- 
gramming in the second encrypted form to the subscriber 
station. 

In accordance with a second aspect of the invention, a 
remote server receives video programming in a first 
encrypted form, decrypts the video programming, 
re-encrypts the video programming into a second encrypted 
form, and then stores the video programming in the second 
encrypted form. After the remote server receives a request 
from a subscriber station for transmission of the video 
programming, the remote server simply transmits the video 
programming in the second encrypted form to the subscriber 
station. 

In accordance with a third aspect of the invention, a 
remote server receives video programming in a first 
encrypted form and stores the video programming in the first 
encrypted form. After the remote server receives a request
from a subscriber station for transmission of the video
programming, the remote server passes through the video 
content by transmitting the video programming in the first 
encrypted form to the subscriber station. 

In accordance with a fourth aspect of the invention, a 
remote server receives pre-encrypted video programming 
and stores the pre-encrypted video programming. After the 
remote server receives a request from a subscriber station for 
transmission of the video programming, the remote server 
completes encryption of the video programming and then 
transmits the video programming to the subscriber station. 
At the subscriber station, the video programming is fully
decrypted.
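
The four handling modes summarized above can be compared by where cleartext and keys end up. The following is an added example, not part of the patent: it uses a stand-in HMAC-SHA256 keystream cipher instead of DES, and the names k1, k2, remote_server, opens_with and compare, the sample payload, and the assumption that the subscriber obtains its keys without the server needing them are all constructed for illustration.

```python
import hashlib
import hmac
import itertools
import os

# Constructed sample content and per-title nonce (assumptions of this example).
PROGRAM = b"constructed sample video payload / " * 4
NONCE = b"title-0001"


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (not DES): XOR with an HMAC-SHA256 counter keystream.
    Applying it twice with the same key restores the input."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, NONCE + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def remote_server(mode: str, received: bytes, keys: dict):
    """Return (stored, sent, scratch); scratch lists intermediate buffers the
    server computed on the way from what it received to what it sent."""
    scratch = []
    if mode == "store_decrypt_reencrypt":          # first aspect
        stored = received
        clear = stream_xor(keys["k1"], stored)     # on every request
        scratch.append(clear)
        sent = stream_xor(keys["k2"], clear)
    elif mode == "decrypt_reencrypt_store":        # second aspect
        clear = stream_xor(keys["k1"], received)   # once, at ingest
        scratch.append(clear)
        stored = sent = stream_xor(keys["k2"], clear)
    elif mode == "pass_through":                   # third aspect
        stored = sent = received
    elif mode == "multi_layer":                    # fourth aspect
        stored = received
        sent = stream_xor(keys["k2"], stored)      # second layer over the first
    else:
        raise ValueError(f"unknown mode: {mode}")
    return stored, sent, scratch


def opens_with(blob: bytes, keys: list, program: bytes) -> bool:
    """True if removing layers with some subset of keys yields the program."""
    for r in range(len(keys) + 1):
        for subset in itertools.combinations(keys, r):
            out = blob
            for key in subset:
                out = stream_xor(key, out)
            if out == program:
                return True
    return False


# mode -> (keys given to the server, keys the subscriber needs, outer layer first)
MODES = {
    "store_decrypt_reencrypt": (("k1", "k2"), ("k2",)),
    "decrypt_reencrypt_store": (("k1", "k2"), ("k2",)),
    "pass_through": ((), ("k1",)),
    "multi_layer": (("k2",), ("k2", "k1")),
}


def compare(program: bytes = PROGRAM) -> dict:
    """Run every mode once and report where cleartext and keys end up."""
    all_keys = {"k1": os.urandom(16), "k2": os.urandom(16)}
    from_source = stream_xor(all_keys["k1"], program)   # first encrypted form
    report = {}
    for mode, (server_names, subscriber_names) in MODES.items():
        server_keys = {name: all_keys[name] for name in server_names}
        stored, sent, scratch = remote_server(mode, from_source, server_keys)
        received = sent
        for name in subscriber_names:                    # subscriber decrypts
            received = stream_xor(all_keys[name], received)
        report[mode] = {
            "server_handles_cleartext": program in scratch,
            # Disk image plus the server's own keys: is that enough?
            "server_breach_opens_stored_copy": opens_with(
                stored, list(server_keys.values()), program),
            "per_request_crypto": stored != sent,
            "subscriber_keys": subscriber_names,
            "subscriber_recovers": received == program,
        }
    return report


if __name__ == "__main__":
    for mode, row in compare().items():
        print(mode, row)
```

In this model only the third and fourth modes keep cleartext off the remote server, and only the second and third avoid cryptographic work on each request.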
BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of a conventional cable 
distribution network. 

FIG. 2 is a flow chart depicting a conventional insecure 
process for distributing video content via a conventional 
cable distribution network. 

FIG. 3 is a flow chart depicting a conventional 
(somewhat) secure process for distributing video content via 
a conventional cable distribution network. 

FIG. 4 is a schematic diagram of a cable distribution 
network including a video on-demand source in accordance 
with a preferred embodiment of the present invention. 

FIG. 5A is a flow chart depicting a secure process for
distributing video on-demand content via a cable distribution
network in accordance with a first aspect of the present
invention.

FIG. 5B is a flow chart depicting a secure process for
distributing video on-demand content via a cable distribution
network in accordance with a second aspect of the
present invention.

FIG. 6 is a flow chart depicting a secure process for
distributing video on-demand content via a cable distribution
network in accordance with a third aspect of the present
invention.

FIG. 7 is a flow chart depicting a secure process for 
distributing video on-demand content via a cable distribu- 
tion network in accordance with a fourth aspect of the 
present invention. 

DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENTS 

FIG. 1 is a schematic diagram of a conventional cable
distribution network. The conventional cable distribution
network typically includes one or more broadcast sources
102, one or more premium broadcast sources 104, one or
more distribution centers 106, one or more secondary
distribution networks 108, and a plurality of subscriber stations
110.

The broadcast source 102 may be, for example, a local
television station, for instance an affiliate station of a major
network such as ABC, NBC, CBS, FOX, or UPN. The
premium broadcast source 104 may be, for example, a
premium channel such as HBO, Showtime, Cinemax, and so
on. The sources 102 and 104 may be coupled via a primary
distribution network to the distribution center 106. The
distribution center 106 may be, for example, a cable head-end.
The distribution center 106 may be coupled via a
secondary distribution network 108 to the subscriber stations
110. The secondary distribution network 108 may
include, for example, various amplifiers, bridges, taps, and
drop cables. Finally, the subscriber stations 110 may be, for
example, set-top boxes and associated television equipment
for viewing the video content by end users.

FIG. 2 is a flow chart depicting a conventional insecure
process for distributing video content via a conventional
cable distribution network. First, a non-premium video
signal is transported 202 from the broadcast source 102 to
the distribution center 106. At the distribution center 106,
the video signal is multiplexed 204 with other signals to
generate a multiplexed signal. The multiplexed signal is then
distributed 206 from the distribution center 106 via the
secondary distribution network 108 to the subscriber stations
110. At the subscriber stations 110, the multiplexed signal is
demultiplexed 208 to isolate the video signal, and then the
video signal is displayed 210, typically, on a television
monitor.
FIG. 3 is a flow chart depicting a conventional
(somewhat) secure process for distributing video content via
a conventional cable distribution network. First, a premium
video signal is encrypted 302 to generate an encrypted
signal. The encrypted signal is transported 304 from the
premium broadcast source 104 to the distribution center 106.

At the distribution center 106, the video signal is
decrypted 306 to regenerate the premium video signal. The
premium video signal is then scrambled 308 and multiplexed
310 with other signals to generate a multiplexed
signal. The multiplexed signal is then distributed 312 from
the distribution center 106 via the secondary distribution
network 108 to the subscriber stations 110.

At the subscriber stations 110, the multiplexed signal is
demultiplexed 314 to isolate the scrambled video signal, the
scrambled video signal is unscrambled 316, and then the
video signal is displayed 318, typically, on a television
monitor connected to a set-top box. The process in FIG. 3 is
a typical conventional process for delivering premium video
using scrambling. Other conventional processes also exist.

FIG. 4 is a schematic diagram of a cable distribution
network including a video on-demand source in accordance
with a preferred embodiment of the present invention. In
addition to the components of the conventional cable
distribution network shown in FIG. 1, the cable distribution
network shown in FIG. 4 includes a video on-demand source
402 and a remote server 404. The video on-demand source
402 may house, for example, a collection of video programs
such as, for example, movies. As shown in FIG. 4, the
remote server 404 may be located within the distribution
center 106. The remote server 404 may include, for example,
a parallel processing computer configured to be a video
server, a disk drive array to store video data, and a video
session manager to provide session control of the video data
flowing to and from the video server.

FIG. 5A is a flow chart depicting a secure process for
distributing video on-demand content via a cable distribution
network in accordance with a first aspect of the present
invention. The process depicted in FIG. 5A may be called a
store, decrypt, and re-encrypt process.

First, a video program is encrypted 502 by a video
on-demand source 402 to generate an encrypted program in
a first encrypted form. The encrypted program is transported
504 via a primary distribution network from the video
on-demand source 402 to a remote server 404 within a
distribution center 106. The encrypted program is then
stored 506 in the remote server 404.

Subsequently, when the remote server 404 receives 508 a
request for transmission of the video program from a
subscriber station 110, the remote server 404 responds by first
decrypting 510 the video program from the first encrypted
form. A first key may be used to accomplish such
decryption 510, and such key may have been received from
the video on-demand source 402 via a communication
channel that is separate from the one used to transmit the
video program. After the video program is decrypted 510,
the remote server 404 re-encrypts 512 the video program
into a second encrypted form using a second key.

The second key may be a public key of a public key
encryption system. Such a public key encryption system
uses two different keys: a public key to encrypt data and a
private key to decrypt data. In that case, decryption would be
accomplished using a corresponding private key of the
public key encryption system. Examples of such a public
key encryption system are encryption under the PGP (Pretty
Good Privacy) system or under the RSA (Rivest, Shamir,
and Adleman) system. Alternatively, the second key may be
a private key of a private key encryption system. Such a
private key encryption system uses a single private key to
encrypt and decrypt data. Examples of such a private key
encryption system are encryption under the Data Encryption
Standard (DES) or under triple-DES which involves applying
DES three times to enhance security. The private key(s)
[illegible] transmitted from the remote server 404 to the
[illegible]

After the video program is re-encrypted 512, the
program in the second encrypted form (and the
second key if necessary) is multiplexed with other
signals to generate a multiplexed signal. The multiplexed
signal is then distributed 516 via the secondary distribution
network 108 to the subscriber station 110.

At the subscriber stations 110, the multiplexed signal is
demultiplexed 518 to isolate the re-encrypted program in the
second encrypted form (and the second key if necessary), the
re-encrypted program is decrypted 520 from the second
encrypted form to generate the unencrypted video program,
and then the video program is displayed 522, typically, on a
television monitor connected to a set-top box.

FIG. 5B is a flow chart depicting a secure process for
distributing video on-demand content via a cable distribution
network in accordance with a second aspect of the
present invention. The process depicted in FIG. 5B may be
called a decrypt, re-encrypt, and store process. In comparison
with the process in FIG. 5A, the process in FIG. 5B
decrypts 510 and re-encrypts 512 the video program before
the video program is stored 506 in the remote server 404.

First, a video program is encrypted 502 by a video
on-demand source 402 to generate an encrypted program in
a first encrypted form. The encrypted program is transported
504 via a primary distribution network from the video
on-demand source 402 to a remote server 404 within a
distribution center 106. At this point, the remote server 404
decrypts 510 the video program from the first encrypted
form. A first key may be used to accomplish such decryption
510, and such key may have been received from the video
on-demand source 402 via a communication channel that is
separate from the one used to transmit the video program.
After the video program is decrypted 510, the remote server
404 re-encrypts 512 the video program into a second
encrypted form using a second key. After the decryption 510
and re-encryption 512, the re-encrypted program is then
stored 506 in the remote server 404.

Note that step 506 in FIG. 5B differs from step 506 in FIG.
5A, in that step 506 in FIG. 5B involves storing the video
program in the second encrypted form, while step 506 in
FIG. 5A involves storing the video program in the first
encrypted form.

Subsequently, when the remote server 404 receives 508 a
request for transmission of the video program from a
subscriber station 110, the remote server 404 responds by
multiplexing 514 the re-encrypted program in the second
encrypted form (and the second key if necessary) with other
signals to generate a multiplexed signal. The multiplexed
signal is then distributed 516 via the secondary distribution
network 108 to the requesting subscriber station 110.

At the subscriber stations 110, the multiplexed signal is
demultiplexed 518 to isolate the re-encrypted program in the
second encrypted form (and the second key if necessary), the
re-encrypted program is decrypted 520 from the second
encrypted form to generate the unencrypted video program,
and then the video program is displayed 522, typically, on a
television monitor connected to a set-top box.
FIG. 6 is a flow chart depicting a secure process for
distributing video on-demand content via a cable distribution
network in accordance with a third aspect of the present
invention. The process depicted in FIG. 6 may be called a
pass-through process.

First, a video program is encrypted 602 by a video
on-demand source 402 to generate an encrypted program in
a first encrypted form. The encrypted program is transported
604 via a primary distribution network from the video
on-demand source 402 to a remote server 404 within a
distribution center 106. A key to decrypt the encrypted
program may also be transported from the source 402 to the
server 404. The encrypted program is then stored 606 in the
remote server 404.

The key may be a public key of a public key encryption
system. Such a public key encryption system uses two
different keys: a public key to encrypt data and a private key
to decrypt data. In that case, decryption would be accomplished
using a corresponding private key of the public key
encryption system. Examples of such a public key encryption
system are encryption under the PGP (Pretty Good
Privacy) system or under the RSA (Rivest, Shamir, and
Adleman) system. Alternatively, the key may be a private
key of a private key encryption system. Such a private key
encryption system uses a single private key to encrypt and
decrypt data. Examples of such a private key encryption
system are encryption under the Data Encryption Standard
(DES) or under triple-DES which involves applying DES
three times to enhance security. The private key(s) itself may
be transmitted from the source 402 to the server 404 while
encrypted in a second encrypted form. Alternatively, the
private key(s) may be transported from the source 402 to the
server 404 via a communication channel which is separate
from the communication channel used to transport the video
program from the source 402 to the server 404.

Subsequently, when the remote server 404 receives 608 a
request for transmission of the video program from a
subscriber station 110, the remote server 404 responds by
multiplexing 610 the encrypted program in the first
encrypted form (and the key if necessary) with other signals
to generate a multiplexed signal. The multiplexed signal is
then distributed 612 via the secondary distribution network
108 to the requesting subscriber station 110.

At the subscriber stations 110, the multiplexed signal is
demultiplexed 614 to isolate the encrypted program in the
first encrypted form (and the key if necessary), the encrypted
program is decrypted 616 from the first encrypted form to
generate the unencrypted video program, and then the video
program is displayed 618, typically, on a television monitor
connected to a set-top box.

FIG. 7 is a flow chart depicting a secure process for
distributing video on-demand content via a cable distribution
network in accordance with a fourth aspect of the
present invention. The process depicted in FIG. 7 may be
called a multiple-layer encryption process. In comparison
with the process in FIG. 6, the process in FIG. 7 pre-encrypts
702 the video program at the source 402, completes encryption
704 of the video program at the remote server 404, and
fully decrypts 706 the video program at the subscriber
station 110.

The pre-encryption step 702 may be implemented by
applying a single DES encryption or a double DES encryption.
If the pre-encryption step 702 uses a single DES
encryption, then the completion of encryption step 704 may
be implemented by applying a double DES encryption to
achieve triple-DES encryption. Similarly, if the pre-encryption
step 702 uses a double DES encryption, then the
completion of encryption step 704 may be implemented by
applying a single DES encryption to achieve triple-DES
encryption. In either case, the video program is transported
from the remote server 404 to the subscriber station 110
while under triple-DES encryption. As long as the subscriber
[illegible] able to fully [illegible] encryption to obtain the
unencrypted video program.

It is to be understood that the specific mechanisms and
techniques which have been described are merely illustrative
application of the principles of the invention. For
example, while the invention is described in application
to video on-demand, it also has some application in
broadcast video. Numerous additional modifications may be
made to the methods and apparatus described without
departing from the true spirit of the invention.

What is claimed is:

1. A secure method performed by a remote server for
providing video programming requested by at least a first of
a plurality of subscriber stations, the method comprising:

receiving the video programming in a first encrypted form
from a programming source;

storing the video programming in the first encrypted form;

receiving a request from a subscriber station for transmission
of the video programming;

decrypting the video programming from the first
encrypted form;

re-encrypting the video programming into a second
encrypted form; and

causing transmission of the video programming in the
second encrypted form to the subscriber station.

2. The method as set forth in claim 1, wherein the video
programming in the second encrypted form is to be
decrypted from the second encrypted form using a key.

3. The method as set forth in claim 2, wherein the second
encrypted form comprises a form of public-key encryption,
and the key comprises a private key to decrypt the
public-key encryption.

4. The method as set forth in claim 2, wherein the key is
transmitted to the subscriber station in a third encrypted
form such that the subscriber station must decrypt the key
before decrypting the video programming.

5. The method as set forth in claim 2, wherein the second
encrypted form includes encryption utilizing a Data Encryption
Standard.

6. The method as set forth in claim 1, wherein a key is
used to decrypt the video programming from the first
encrypted form, and wherein the video programming in the
first encrypted form and the key are received from the
programming source via separate communication channels.

7. The method as set forth in claim 1, wherein causing
transmission of the video programming in the second
encrypted form to the subscriber station includes multiplexing
the video programming in the second encrypted form
with other signals to create a multiplexed signal and causing
transmission of the multiplexed signal to the subscriber
station.

8. The method as set forth in claim 1, wherein the remote
server comprises a remote video on-demand server.

9. The method as set forth in claim 1, wherein the remote
server is located within a head-end, and the transmission to
the subscriber station occurs via a secondary distribution
network.

10. The method as set forth in claim 1, wherein the
receiving from the programming source occurs via a primary
distribution network.
11. A secure method performed by a remote server for
providing video programming requested by at least a first of
a plurality of subscriber stations, the method comprising:

receiving the video programming in a first encrypted form
from a programming source;

decrypting the video programming from the first
encrypted form;

re-encrypting the video programming in a second
encrypted form;

storing the video programming in the second encrypted
form;

receiving a request from a subscriber station for transmission
of the video programming; and

causing transmission of the video programming into the
second encrypted form to the subscriber station.

12. The method as set forth in claim 11, wherein the video
programming in the second encrypted form is to be
decrypted from the second encrypted form using a key.

13. The method as set forth in claim 12, wherein the
second encrypted form comprises a form of public-key
encryption, and the key comprises a private key to decrypt
the public-key encryption.

14. The method as set forth in claim 12, wherein the key
is transmitted to the subscriber station in a third encrypted
form such that the subscriber station must decrypt the key
before decrypting the video programming.

15. The method as set forth in claim 12, wherein the
second encrypted form includes encryption utilizing a Data
Encryption Standard.

16. The method as set forth in claim 11, wherein a key is
used to decrypt the video programming from the first
encrypted form, and wherein the video programming in the
first encrypted form and the key are received from the
programming source via separate communication channels.

17. The method as set forth in claim 11, wherein causing
transmission of the video programming in the second
encrypted form to the subscriber station includes multiplexing
the video programming in the second encrypted form
with other signals to create a multiplexed signal and causing
transmission of the multiplexed signal to the subscriber
station.

18. The method as set forth in claim 11, wherein the
remote server comprises a remote video on-demand server.

19. The method as set forth in claim 11, wherein the
remote server is located within a head-end, and the transmission
to the subscriber station occurs via a secondary
distribution network.

20. The method as set forth in claim 11, wherein the
receiving from the programming source occurs via a primary
distribution network.

21. A secure method performed by a remote server for
providing video programming requested by at least a first of
a plurality of subscriber stations, the method comprising:

receiving the video programming in a first encrypted form
from a programming source;

storing the video programming in the first encrypted form;

receiving a request from a subscriber station for transmission
of the video programming; and

responding to the request by causing transmission of the
video programming in the first encrypted form to the
subscriber station.

22. The method as set forth in claim 21, wherein the video
programming in the first encrypted form is to be decrypted
from the first encrypted form using a key.

23. The method as set forth in claim 22, wherein the first
encrypted form comprises a form of public-key encryption,
and the key comprises a private key to decrypt the
public-key encryption.

24. The method as set forth in claim 22, wherein the key
is transmitted to the subscriber station in a second encrypted
form such that the subscriber station must decrypt the key
before decrypting the video programming.

25. The method as set forth in claim 22, wherein the first
encrypted form includes encryption utilizing a Data Encryption
Standard.

26. The method as set forth in claim 21, wherein a key is
used to decrypt the video programming from the first
encrypted form and wherein the video programming in the
first encrypted form and the key are received from the
programming source via separate communication channels.

27. The method as set forth in claim 21, wherein causing
transmission of the video programming in the first encrypted
form to the subscriber station includes multiplexing the
video programming in the first encrypted form with other
signals to create a multiplexed signal and causing transmission
of the multiplexed signal to the subscriber station.

28. The method as set forth in claim 21, wherein the
remote server comprises a remote video on-demand server.

29. The method as set forth in claim 21, wherein the
remote server is located within a head-end, and the transmission
to the subscriber station
occurs via a secondary distribution network.

30. The method as set forth in claim 21, wherein the
receiving from the programming source occurs via a primary
distribution network.

31. A secure method performed by a remote server for
providing video programming requested by at least a first of
a plurality of subscriber stations, the method comprising:

receiving the video programming in a pre-encrypted form
from a programming source;

storing the video programming in the pre-encrypted form;

receiving a request from a subscriber station for transmission
of the video programming;

completing encryption of the video programming to a
fully encrypted form; and

causing transmission of the video programming in the
encrypted form to the subscriber station.

32. The method as set forth in claim 31, wherein the fully
encrypted form comprises a triple-DES encrypted form.

33. The method as set forth in claim 32, wherein the
pre-encrypted form comprises a single-DES encrypted form.

34. The method as set forth in claim [illegible], wherein the
pre-encrypted form comprises a double-DES encrypted
form.

* * * * *